ClawReverse

Security checks across malware telemetry and agentic risk

Overview

ClawReverse matches its rollback-and-branching purpose, but it persists raw session transcripts and prompts locally in ways users may not expect.

Review before installing if your OpenClaw sessions or workspaces may contain secrets, customer data, proprietary prompts, or sensitive tool outputs. The plugin is locally focused and purpose-aligned, but it can duplicate that information into checkpoint and registry directories and can create durable child agents/workspaces when continuing from a checkpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The code reads the session transcript from ctx.transcriptPath, copies all JSONL entries up to the selected entryId, and writes them into the checkpoint directory as transcript-prefix.jsonl. That creates a second at-rest copy of potentially sensitive prompts, tool outputs, secrets, or user data, but this file contains no consent, minimization, encryption, retention, or access-control logic around that snapshotting behavior.

Missing User Warnings

Medium
Confidence: 86%
Finding
The continue prompt is stored in branch metadata (`services.registry.saveBranch`) and runtime state (`lastContinuePrompt = prompt`), which can capture sensitive user input such as secrets, internal file paths, or proprietary data. In a session-recovery plugin, prompts may contain especially sensitive operational context, so persisting them without minimization, redaction, retention limits, or clear disclosure increases the risk of unintended exposure through logs, diagnostics, backups, or later inspection tooling.

VirusTotal

65/65 vendors flagged this skill as clean.
